Papers

HoneyPots
Collecting Autonomous Spreading Malware Using High-Interaction Honeypots by Jianwei Zhuge, Thorsten Holz, Xinhui Han, Chengyu Song, and Wei Zou, January, 2008

Active Honeypots by Dieter Joho, December 16, 2004

Towards a Third Generation Data Capture Architecture for Honeynets by Edward Balas and Camilo Viecco, 15-17 June 2005

Building a GenII Honeynet Gateway by Diego González Gómez, 14 November, 2004

Application of a Methodology to Characterize Rootkits Retrieved from Honeynets by John Levine, Julian Grizzard, Henry Owen

On the Advantages of Deploying a Large Scale Distributed Honeypot Platform by F. Pouget, M. Dacier, V.H. Pham

An Investigation of a Compromised Host on a Honeynet Being Used to Increase the Security of a Large Enterprise Network by Timothy R. Jackson, John G. Levine, Julian B. Grizzard, Henry L. Owen

An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied by Bill Cheswick

HONEYNETS: FOUNDATIONS FOR THE DEVELOPMENT OF EARLY WARNING INFORMATION SYSTEMS by F. Pouget, M. Dacier, V.H. Pham, H. Debar

Honeypot-based Forensics by F. Pouget, M. Dacier

White Paper: Honeypots by Reto Baumann, Christian Plattner, February 26, 2002

Towards Evil Honeypots ?! by OUDOT Laurent

Honeycomb - Creating Intrusion Detection Signatures Using Honeypots by Christian Kreibich, Jon Crowcroft

NoSEBrEaK – Attacking Honeynets by Maximillian Dornseif, Thorsten Holz, Christian N. Klein, 7–9 June 2004

NoSEBrEaK - Defeating Honeynets by Maximillian Dornseif, Thorsten Holz, Christian N. Klein, 7–9 June 2004

Detecting Honeypots and other suspicious environments by Thorsten Holz, Frederic Raynal, 15–17 June 2005

HoneyStat: Local Worm Detection Using Honeypots by David Dagon, Xinzhou Qin, Guofei Gu, Wenke Lee, Julian Grizzard, John Levine, and Henry Owen

Attack Processes found on the Internet by Marc Dacier, Fabien Pouget, Hervé Debar

  

Worms
Detecting worms through de-centralized monitoring by Raman Arora, May 3, 2004

Fileprint Analysis for Malware Detection by Salvatore J. Stolfo, Ke Wang, Wei-Jen Li

The Blaster Worm: Then and Now by MICHAEL BAILEY, EVAN COOKE, FARNAM JAHANIAN, AND DAVID WATSON

Routing Worm: A Fast, Selective Attack Worm based on IP Address Information by Cliff C. Zou, Don Towsley, Weibo Gong, Songlin Cai

Collaborative Internet Worm Containment by MIN CAI, KAI HWANG, YUKWONG KWOK, SHANSHAN SONG, AND YU CHEN

Back-Door’ed by the Slammer by John Hally, Sept 4, 2003

A PHYSIOLOGICAL DECOMPOSITION OF VIRUS AND WORM PROGRAMS by Prabhat Kumar Singh, spring 2002

Shoot the Messenger: IM Worms by infectionvectors.com, June 2005

Automated Worm Fingerprinting by Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage

The Evolution of Viruses and Worms by Thomas M. Chen

INTERNET WORMS AS INTERNET-WIDE THREAT by Nikolai Joukov and Tzi-cker Chiueh

Beagle.BG-BJ/Mitglieder (Tooso) Propagation by infectionvectors.com, March 2005

Superworms and Cryptovirology: a Deadly Combination by Ivan Balepin

Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event by Abhishek Kumar, Vern Paxson, Nicholas Weaver

Polygraph: Automatically Generating Signatures for Polymorphic Worms by James Newsome, Brad Karp, Dawn Song

Deworming the Internet by Douglas A. Barnes

Worms of the future by Nicolas STAMPF, October 2, 2003

Early Bird: Catching worms while sysadmins sleep by Andrew Hill, November 2, 2003

Who Wrote Sobig? 17-July-2004

Worm Mitigation on Broadband Networks by Sandvine Incorporated, October 2003

Simulating and optimising worm propagation algorithms by Tom Vogt, 29th September 2003

Monitoring and Early Warning for Internet Worms by Cliff Changchun Zou, Lixin Gao, Weibo Gong, Don Towsley

Trends in Viruses and Worms by Tom Chen

Using Predators to Combat Worms and Viruses: A Simulation-Based Study by Ajay Gupta, Daniel C. DuVarney

Lessons from Virus Developers: The Beagle Worm History Through April 24, 2004 by Jason Gordon

Slowing Down Internet Worms by Shigang Chen, Yong Tang

A Worst-Case Worm by Nicholas Weaver, Vern Paxson, June 8, 2004

Inoculating SSH Against Address-Harvesting Worms by Stuart E. Schechter, Jaeyeon Jung, Will Stockwell, Cynthia McLain

The Effect of Infection Time on Internet Worm Propagation by Erika Rice, May 1, 2004

Fake FBI email Worm Exposed by Debasis Mohanty (a.k.a Tr0y), 24th Feb, 2005

Models of Active Worm Defenses by David M. Nicol, Michael Liljenstam

Code Red Worm Propagation Modeling and Analysis by Cliff Changchun Zou, Weibo Gong, Don Towsley

  

RootKits
An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits by Michael Myers, Stephen Youndt, August 7, 2007

SubVirt: Implementing malware with virtual machines by Samuel T. King, Peter M. Chen, Yi-Min Wang, Chad Verbowski, Helen J. Wang and Jacob R. Lorch

Hide'n Seek revisited - Full stealth is back by Kimmo Kasslin, Mika Ståhlberg, Samuli Larvala and Antti Tikkanen

Malware Profiling and Rootkit Detection on Windows by Matt Conover

Analysis of a win32 userland rootkit by Kdm

FU Rootkit by Mariusz Burdach, 18 August 2004

Concepts for the Stealth Windows Rootkit (The Chameleon Project) by Joanna Rutkowska, September 2003

A Methodology for Detecting New Binary Rootkit Exploits by John Levine, Brian Culver, Henry Owen

An Overview of Unix Rootkits by Anton Chuvakin, February 2003

Datenbank Rootkits (German) by Alexander Kornbrust

Datenbank Rootkits (English) by Alexander Kornbrust

  

Exploits
Remote Desktop Protocol, the Good the Bad and the Ugly by Massimiliano Montoro, May, 28, 2005

Is finding security holes a good idea? by Eric Rescorla

JPEG Vulnerability: A day in the life of the JPEG Vulnerability by Charles Hornat, October 10, 2004

JPEG exploit variant: creation and using by Andrey Bayora, January 9, 2005

The Evolution of Cross-Site Scripting Attacks by David Endler, May 20, 2002

The Anatomy of Cross Site Scriptings by Gavin Zuchlinski, November 5, 2003

Manipulating Microsoft SQL Server Using SQL Injection by Cesar Cerrudo

  

Malware Research
DIY Malware Analysis by www.syngress.com

Malware - future trends by Dancho Danchev

The Evolution of Malicious Agents by Lenny Zeltser

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities by Yi-Min Wang, Doug Beck, Xuxian Jiang, Roussi Roussev

VX Reversing I, the basics by Eduardo Labir, 2004

Reverse Engineering Malware by Lenny Zeltser, May 2001

Reverse Engineering in Computer Applications by Fotis Fotopoulos, 2001

REVERSE CODE ENGINEERING: AN IN-DEPTH ANALYSIS OF THE BAGLE VIRUS by Konstantin Rozinov

Malicious Codes in Depth by Mohammad Heidari, November 13, 2004

  

Other
Fast-Flux Service Networks by The Honeynet Project & Research Alliance, July 13, 2007

The Role of Modeling and Simulation in Information Security. The Lost Ring by Mohammad Heidari, February 3, 2006

Protecting Free Expression Online with Freenet by Ian Clarke, Scott G. Miller, Theodore W. Hong, Oskar Sandberg and Brandon Wiley

The Pharming Guide, Understanding & Preventing DNS-related Attacks by Phishers by NGS

Mapping Internet Sensors With Probe Response Attacks by John Bethencourt, Jason Franklin, Mary Vernon

Browser Identification for web applications by Shreeraj Shah

Computer Viruses: The Threat Today and The Expected Future by Xin Li, 2003-09-29

Forensic examination of log files by Joan Petur Petersen, January 31, 2005

Checking Microsoft Windows® Systems for Signs of Compromise by Simon Baker, Patrick Green, Thomas Meyer, Garaidh Cochrane, 18/10/04

TROJANS, WORMS, AND SPYWARE by Michael Erbschloe, 2005

Hiding an Intrusion Detection System (IDS) by Bob Radvanovsky, March 2004

Anti-Malware Tools: Intrusion Detection Systems by Martin Overton

Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks by Felix C. Freiling, Thorsten Holz, Georg Wicherski, April 2005

How to Bypass Your Corporate Firewall Using SSH Tunneling by ~pingywon, 2004

Bypassing Firewalls: Tools and Techniques by Jake Hill, March 23, 2000

Infosecurity Europe 2005 - First Issue of (IN)SECURE Magazine by Berislav Kucan, 27 April 2005

ICMP Usage in Scanning by Ofir Arkin, July 2000

Remote physical device fingerprinting by Tadayoshi Kohno, Andre Broido, kc claffy

A generic threat analysis for an Internet enabled organisation by SANS Institute, 2003

Host Discovery with nmap by Mark Wolfgang, November 2002

Computer Hacking & Cybercrime

A System to Support the Analysis of Antivirus Products' Virus Detection Capabilities by Marko Helenius

Poison Ivy Farmers: Virus Collections by infectionvectors.com, May 2005

Analysis of SubSeven.Trojan Distributed Attack Feature by iDEFENSE, 2000